package cn.worldyao.demo;

import cn.worldyao.demo.util.Tools;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.authc.credential.SimpleCredentialsMatcher;
import org.springframework.context.annotation.Bean;

public class CredentialMatcher extends SimpleCredentialsMatcher {

    @Bean("credentialsMatcher")
    public HashedCredentialsMatcher credentialsMatcher(){
        HashedCredentialsMatcher hashedCredentialsMatcher = new HashedCredentialsMatcher();
        //加密方式
        hashedCredentialsMatcher.setHashAlgorithmName("MD5");
        //加密次数
        hashedCredentialsMatcher.setHashIterations(2);
        //存储散列后的密码是否为16进制
        //hashedCredentialsMatcher.isStoredCredentialsHexEncoded();
        return hashedCredentialsMatcher;

//        HashedCredentialsMatcher credentialsMatcher = new HashedCredentialsMatcher();
        //加密算法的名字，也可以设置MD5等其他加密算法名字
//        credentialsMatcher.setHashAlgorithmName("SHA-256");
        //加密次数
//        credentialsMatcher.setHashIterations(20);
        //加密为哈希
//        credentialsMatcher.setStoredCredentialsHexEncoded(true);

//        return credentialsMatcher;
    }

    //密码校验规则的重写
    // AuthRealm 中 doGetAuthenticationInfo 执行之后会到达这里来 进行密码比对
//    @Override
//    public boolean doCredentialsMatch(AuthenticationToken token, AuthenticationInfo info) {
        /**
         *  获取到用户输入的密码，进行盐值加密，加密方式与注册时相同，再与数据库中已加过密的密码进行比较
         */
//        UsernamePasswordToken usernamePasswordToken = (UsernamePasswordToken) token;
//        String password = new String(usernamePasswordToken.getPassword());
        //把用户输入的密码 进行加密
//        password = Tools.MD5Pwd(info.);
//        password = Tools.MD5Pwd(info.);
        //数据库中的密码
//        String dbPassword = (String) info.getCredentials();
//        return this.equals(password, dbPassword);
//    }
}
